Wired Intelligent Edge

Hello all,

we have been having weird issues with all 2540(24 port) switches and able to download user role onto them. particularly 1 specific role. 

Below is our setup
We have around 25 2540(24 port) switches all connected to Clearpass Server.

• • • All 2540 switch has - 16.10 as primary and secondary image varies from 16.9 to 16.7
• Clearpass running 6.8.7
• All these switches have 802.1x enabled.
• All laptops have computer and user based certs pushed out via GPO.
• we are not facing this issue on other models i.e 5406,5412, 2540 48 48PORT

Issue:

• Switch is able to download roles related to guest and printers but not corporate devices.

Testing Done

• we connected 2 laptops both win 10 onto 5406 switch and port was authenticated with .1x role.
• we rebooted the switch to test the theory that once the switch looses its role it wont be able to re-download the .1x role. we were proved wrong. after reboot switch re-downloaded the .1x role for corporate devices.
• took the same 2 device and connected it to 2540 and the .1x role fails to download. Clearpass stating TIMEOUT as the issue.
• Aruba tech mentioned that the client was failing to respond to Clearpass/Switch request for some reason(this was found via wireshark)
• we had these switches for past 30 months and was working without any issue.

has anyone had this issue?
any other recommendation i can do to test?
------------------------------
Andy
---------------------------

You mention that it worked for 30 months without an issue. Did it start after in upgrade of your switches? Or another change?
Can you downgrade and see if the issue is resolved with that?

The 5400 series is quite different from the 2540 from a feature set. Do I understand correctly that if you do the test again that there is an issue on the 2540-24 port but not on the 2540-48 port?

Do you have a support case open? If they see something strange in Wireshark ask them to escalate the issue to get to a resolution.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Jan 18, 2021 05:00 PM
From: Anand Nagarajan
Subject: 2540 and User Role Issue

Hello all,

we have been having weird issues with all 2540(24 port) switches and able to download user role onto them. particularly 1 specific role. 

Below is our setup
We have around 25 2540(24 port) switches all connected to Clearpass Server.

• • • All 2540 switch has - 16.10 as primary and secondary image varies from 16.9 to 16.7
• Clearpass running 6.8.7
• All these switches have 802.1x enabled.
• All laptops have computer and user based certs pushed out via GPO.
• we are not facing this issue on other models i.e 5406,5412, 2540 48 48PORT

Issue:

• Switch is able to download roles related to guest and printers but not corporate devices.

Testing Done

• we connected 2 laptops both win 10 onto 5406 switch and port was authenticated with .1x role.
• we rebooted the switch to test the theory that once the switch looses its role it wont be able to re-download the .1x role. we were proved wrong. after reboot switch re-downloaded the .1x role for corporate devices.
• took the same 2 device and connected it to 2540 and the .1x role fails to download. Clearpass stating TIMEOUT as the issue.
• Aruba tech mentioned that the client was failing to respond to Clearpass/Switch request for some reason(this was found via wireshark)
• we had these switches for past 30 months and was working without any issue.

has anyone had this issue?
any other recommendation i can do to test?
------------------------------
Andy
---------------------------

i dont think it broke after we upgraded as when i switched 2 switches to different firmware i.e 16.9 and 16.8 the issue still existed.
only 2540 24 port switch is showing this issue not 2540 48 port.

support case is open and tech has already escalated as initially they blamed it on OS as it wasnt accepting the request from clearpass or the switch for .1x
hence we tested the same laptop on different model switch which worked perfectly.

------------------------------
Anand Nagarajan
------------------------------

Original Message:
Sent: Jan 19, 2021 04:15 AM
From: Herman Robers
Subject: 2540 and User Role Issue

You mention that it worked for 30 months without an issue. Did it start after in upgrade of your switches? Or another change?
Can you downgrade and see if the issue is resolved with that?

The 5400 series is quite different from the 2540 from a feature set. Do I understand correctly that if you do the test again that there is an issue on the 2540-24 port but not on the 2540-48 port?

Do you have a support case open? If they see something strange in Wireshark ask them to escalate the issue to get to a resolution.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Jan 18, 2021 05:00 PM
From: Anand Nagarajan
Subject: 2540 and User Role Issue

Hello all,

we have been having weird issues with all 2540(24 port) switches and able to download user role onto them. particularly 1 specific role. 

Below is our setup
We have around 25 2540(24 port) switches all connected to Clearpass Server.

• • • All 2540 switch has - 16.10 as primary and secondary image varies from 16.9 to 16.7
• Clearpass running 6.8.7
• All these switches have 802.1x enabled.
• All laptops have computer and user based certs pushed out via GPO.
• we are not facing this issue on other models i.e 5406,5412, 2540 48 48PORT

Issue:

• Switch is able to download roles related to guest and printers but not corporate devices.

Testing Done

• we connected 2 laptops both win 10 onto 5406 switch and port was authenticated with .1x role.
• we rebooted the switch to test the theory that once the switch looses its role it wont be able to re-download the .1x role. we were proved wrong. after reboot switch re-downloaded the .1x role for corporate devices.
• took the same 2 device and connected it to 2540 and the .1x role fails to download. Clearpass stating TIMEOUT as the issue.
• Aruba tech mentioned that the client was failing to respond to Clearpass/Switch request for some reason(this was found via wireshark)
• we had these switches for past 30 months and was working without any issue.

has anyone had this issue?
any other recommendation i can do to test?
------------------------------
Andy
---------------------------